Cyber criminals use a variety of techniques and tools to perform their “trade”, but the cloud firewall can stop them in their tracks.
Successful hackers follow a well developed organized process that usually consists of these five steps:
This process parallels that used by a thief who is after valuable items such as art or jewels that are kept in a secured building with multiple security systems in place.
The hacker too, is after valuable items in the form of data such as user names and passwords that might provide access to more sensitive data.
Reconnaissance
In the reconnaissance step, the hacker cases the target by gathering information in order to put together a plan of attack. This might include the target IP address range, domain name, network, DNS records, and mail server. The attacker might also visit the target’s website and use search engines to extract more information that might prove useful.
Scanning
Information gathered during the reconnaissance step is used to direct the hacker’s scanning efforts, which employ various tools such as port scanners, vulnerability scanners, and network mappers. The information gained in this step is more narrow in scope (focused) than that acquired during reconnaissance. The probing is more concerned with the target’s systems.
Gaining Access
When the information gathering reveals a vulnerability, the hacker exploits it and gains access. Perhaps an SQL injection is performed if the information revealed such a vulnerability. Or a phishing campaign is conducted after learning about multiple new employees of the company who would likely be unfamiliar with security protocols.
Maintaining Access
In this step, the hacker secures the accessed environment against detection by the security staff. She might do this by acquiring high level privileges or setting up her own user account complete with credentials. Once secured, the hacker then steals data or perhaps uses various devices in the business to launch other attacks.
Covering Tracks
In the last stage, the hacker removes all evidence of his presence or makes it appear as though the hack never took place. This causes the company to continue with business as usual (and doesn’t strengthen defenses), which allows the hacker easy future access by exploiting the same weaknesses or using a backdoor.
Preventing this from happening to your business starts with using an “industrial strength” cloud firewall.
Firewall as a Service allows increased visibility into applications, users, and content and helps determine which applications are traversing the network, who is using them, and the associated security risk.
To learn more about our cloud firewall options, please contact us.
